Privacy Policy and Information Pursuant to Article 13 of EU Regulation 2016/679

Nature of Data Provision

The personal data requested is collected by the website www.costampsrl.it and processed on digital media to fulfill contact requests, bookings, and inquiries.

Data Controller

Costamp S.r.l. – Via Zignola, 12 – Forlì (Z.I. VILLANOVA) – 47122 (FC) – Italy – Tel. 0543 754217 – Fax. 0543 754110 – VAT and Tax Code 01829310406 Email of Data Controller: info@costampsrl.it

Data Processors

Third parties may become aware of the Users’ personal data and process it on behalf of the Controller as “External Data Processors.” These third parties may include IT service providers, outsourced services or cloud computing providers, professionals, and consultants. Users have the right to request a list of any appointed data processors from the Controller.

Purpose of Data Processing

The data provided will be retained by the Controller for the following purposes, in compliance with EU Regulation 2016/679 (GDPR):
  1. To install optional technical cookies on the user’s device, as stated in the cookie policy.
  2. To make data available to third parties for purposes strictly necessary to fulfill requested services or comply with legal requirements.
  3. To manage user data for providing responses.
  4. To fulfill requests for the exercise of the data subject’s rights.
  5. To ensure lawful data processing and safeguard confidentiality by implementing appropriate security measures.
All processing carried out on this site will be performed with electronic or online tools, in accordance with the specified purposes and security standards. Consent for these processes, except for optional cookie installation (if not present), is mandatory; refusal may prevent the management of activities listed from points 1 to 5 above.

Data Recipients

To provide the service to which the user has subscribed, data may be made available to third parties acting as data processors. These third parties deliver instrumental services to meet user requests, such as employment consultants, banks, and professionals in administration/accounting. The data may also be made available to law enforcement (e.g., crime prevention), the judiciary, competent public authorities, or when necessary to assert or defend rights in legal proceedings. Users can request a list of these third parties from the Controller.

Data Retention Period

Based on identified purposes, the following data retention periods apply:
  1. Installation of technical cookies on the user’s device: as per the disclaimer on the website http://www.costamp.it/.
  2. Data availability to third parties for strictly necessary purposes: until a user requests deletion or as required by law.
  3. Fulfilling requests to exercise the data subject’s rights: up to 10 years from collection. Data retention periods are documented in our processing activity logs.

Data Subject’s Rights

The following rights are guaranteed to the data subject:
  • Right of access (Art. 15 EU Reg. 2016/679)
  • Right to rectification (Art. 16 EU Reg. 2016/679)
  • Right to erasure (Art. 17 EU Reg. 2016/679)
  • Right to restriction (Art. 18 EU Reg. 2016/679)
  • Right to data portability (Art. 20 EU Reg. 2016/679)
  • Right to object (Art. 21 EU Reg. 2016/679)
If data was obtained based on consent, the data subject may withdraw this consent at any time. Additionally, if a data subject believes any rights have been violated, they may file a complaint with the Data Protection Authority following the instructions provided at: https://www.garanteprivacy.it/home/diritti/come-agire-per-tutelare-i-tuoi-dati-personali.

Data Security

The Controller employs the highest technical standards, such as “firewalls” and SSL (Secure Socket Layer) transmission, to ensure the confidentiality of personal information. Techniques are in place to prevent unauthorized access by third parties. Preventive security measures are also adopted by third-party processors, following specific guidelines and procedures set by the Controller.

Browsing Data

The IT systems and software procedures of this site may acquire, during normal operations, certain personal data whose transmission is implicit in Internet communication protocols. These data are not collected to identify users but, through processing and associations, may identify them. These data categories include IP addresses, URI (Uniform Resource Identifier) addresses, request times, methods used for requests, and additional technical details. The data are used only for statistical purposes and are deleted immediately post-processing, unless necessary for investigating potential cybercrimes affecting the site.